According to a recent survey, 55 percent of U.S. businesses were impacted by payments fraud in 2022, and 6 out of 10 companies have been the victim of at least one fraud attempt over the last 12 months.
And these may be conservative numbers.
“I think those [statistics] are possibly understated because of the reluctance that people have to report that they’ve been a victim,” said Jeff Taylor, head of Commercial Fraud Forensics.
But there’s no doubt that payments fraud is on the rise – and businesses must be proactive in recognizing and working to prevent this type of fraud.
Taylor and Meriwether Martin, Non-Financial Risk Management group manager, recently spoke to Tim Mills, Regions’ Emerging and Digital Payments Group manager, about the surge in business payments fraud and how organizations can help protect themselves against fraud.
Common Fraud
Martin says that impersonation fraud is among the most common tactics used to perpetrate business payments fraud. Fraudsters often impersonate vendors or even banks.
With vendor impersonation, criminals pose as a legitimate vendor that the business remits money to on a regular basis and send a communication asking the business to change payment instructions. This may include routing the payment to a fraudulent account. When conducted via email, this is known as Business Email Compromise.
Bank impersonation involves fraudsters pretending to be Regions or another financial institution. Martin explained that they “emulate our own forms of communication, our own emails, our own text messages, and they’re soliciting information from that customer.”
Unfortunately, fraudsters are getting savvier, and those impersonations look more and more like the real deal.
So, what can businesses do to protect themselves?
Best Practices
Taylor said there are three main industry-suggested practices that businesses can lean into to help prevent fraud.
- Guard your house – By this, Taylor means businesses should conduct a thorough assessment to identify potential vulnerabilities; partner with the IT department or IT vendor to ensure that firewall protections are updated and all systems are patched and up-to-date; implement advanced password protocols; and use products that the bank offers, such as Positive Pay and ACH Alert.
- Develop an employee training program – “The most vulnerable and important asset that companies have are their employees,” states Taylor. So it’s crucial to provide education and awareness that help employees recognize potential scams and points of compromise. Regions makes resources available to all businesses at com/stopfraud. Taylor also suggests conducting regular phishing exercises with employees to gauge their ability to recognize and report the threat.
- Create a fraud and risk governance plan – This plan should identify and document the business’ risk tolerances. It should also document a detailed response plan for fraud that contains contact information of all the people that are going to contribute to the business recovery. “It’s just like a portion of your business continuity plan that you would invoke in the event of a natural disaster,” Taylor says.
Mills said there’s no magic solution when it comes to fraud, but when he asked what’s one thing – the simplest thing – that businesses could start today to begin implementing an anti-fraud strategy, Taylor suggested starting a callback control for payment requests that businesses receive.
At Regions, the method is known as Stop-Call-Confirm.
If associates receive an email or text message requesting a change to a payment or initiating a payment, they STOP the process, CALL the person initiating the request at a known number, not the one in the email or text, and CONFIRM that the request is legitimate.
“It’s a five-minute phone call that can potentially save you a whole lot of grief.” – Jeff Taylor, head of Commercial Fraud Forensics
The information presented is general in nature and should not be considered legal, accounting or tax advice. Regions reminds its customers that they should be vigilant about fraud and security and that they are responsible for taking action to protect their computer systems. Fraud prevention requires a continuous review of your policies and practices, as the threat evolves daily. There is no guarantee that all fraudulent transactions will be prevented or that related financial losses will not occur. Visit regions.com/STOPFRAUD or speak with your Banker for further information on how you can help prevent fraud.